Good day all,
I have followed the wiki article on setting up vsftpd on centos with virtual users.
I was wondering if anyone had an example of knowledge on how to add another "readonly" user. I don't want to enable anon access. The issue I have is that the tutorial (from the wiki) uses the same real system user (ftp) - so permissions don't apply.
d
dnk wrote:
> Good day all,
> I have followed the wiki article on setting up vsftpd on centos with virtual users.
Do you refer to: http://wiki.centos.org/HowTos/Chroot_Vsftpd_with_non-system_users ?
> I was wondering if anyone had an example of knowledge on how to add another "readonly" user.
Did you use the script vsftpd_virtualuser_add.sh to do so?
> I don't want to enable anon access. The issue I have is that the tutorial (from the wiki) uses the same real system user (ftp) - so permissions don't apply.
How? Explain a bit more please.
-- Alain Reguera Delgado al@ciget.cienfuegos.cu
On 10-Feb-09, at 12:06 PM, Alain Reguera Delgado wrote:
> dnk wrote:
>> Good day all,
>> I have followed the wiki article on setting up vsftpd on centos with virtual users.
> Do you refer to: http://wiki.centos.org/HowTos/Chroot_Vsftpd_with_non-system_users ?
>> I was wondering if anyone had an example of knowledge on how to add another "readonly" user.
> Did you use the script vsftpd_virtualuser_add.sh to do so?
No I did not. I had started originally with the http://linuxforfun.net/2008/04/05/vsftpd-virtual-users/ link, and then when I came across the wiki article, I gleaned it for further additional info.
>> I don't want to enable anon access. The issue I have is that the tutorial (from the wiki) uses the same real system user (ftp) - so permissions don't apply.
> How? Explain a bit more please.
Ok, for more detail,
I used some of the info from the wiki, and from http://linuxforfun.net/2008/04/05/vsftpd-virtual-users/ .
My actual vsftpd.conf is:
anonymous_enable=NO
local_enable=YES
chroot_local_user=YES
hide_ids=YES
listen=YES
local_umask=022
connect_from_port_20=YES
pasv_min_port=62222
pasv_max_port=63333
guest_enable=YES
guest_username=ftp
nopriv_user=ftp
virtual_use_local_privs=YES
write_enable=YES
pam_service_name=vsftpd-virtual
user_sub_token=$USER
local_root=/home/ftproot/$USER
listen_address=xxx.xxx.xxx.xxx
max_clients=50
session_support=NO
use_localtime=YES
userlist_enable=YES
userlist_file=/etc/vsftpd/denied_users
xferlog_enable=YES
my /etc/pam.d/vsftpd-virtual file:
auth required pam_userdb.so db=/etc/vsftpd/users/virtual-users
account required pam_userdb.so db=/etc/vsftpd/users/virtual-users
So long story short... I have for read / write:
user1 -> /home/ftproot/user1 (home folder)
Then I would like to create user2 and have read only:
user2 -> /home/ftproot/user1
D
On 10-Feb-09, at 1:04 PM, dnk wrote:
> So long story short... I have for read / write:
> user1 -> /home/ftproot/user1 (home folder)
> Then I would like to create user2 and have read only:
> user2 -> /home/ftproot/user1
> D
I may have found the answer to my own question..... just trying it out.
d
dnk wrote: ...
> I used some of the info from the wiki, and from http://linuxforfun.net/2008/04/05/vsftpd-virtual-users/
> ...
> I may have found the answer to my own question..... just trying it out.
;^)
Let me know your results.
-- Alain Reguera Delgado al@ciget.cienfuegos.cu
On 10-Feb-09, at 1:30 PM, Alain Reguera Delgado wrote:
>> I may have found the answer to my own question..... just trying it out.
> ;^)
> Let me know your results.
No good... the specific setup I found included with the VSFTPD examples won't "quite" do what I needed, and from my searching, I am not sure it can.
USER 1 home = /home/ftproot/user1 has full read/write access
USER 2 home = /home/ftproot/user has only read/download access
USER 3 home = /home/ftproot/user3 has full read/write access
USER 4 home = /home/ftproot/user4 has full read/write access
etc etc etc
I just need to have the option to have a "read only" account able to access another user's directory. There is no main directory that all users work out of.
d
On 10-Feb-09, at 3:14 PM, dnk wrote:
> USER 2 home = /home/ftproot/user has only read/download access
OOPS, typo. Should be:
USER 2 home = /home/ftproot/user1 has only read/download access
dnk wrote: ...
> I just need to have the option to have a "read only" account able to access another user's directory. There is no main directory that all users work out of.
Don't know how possible that could be. Remember that each user is in a chrooted environment, each user is confined into its own directory.
Best Regards,
-- Alain Reguera Delgado al@ciget.cienfuegos.cu
On 11-Feb-09, at 7:05 AM, Alain Reguera Delgado wrote:
> Don't know how possible that could be. Remember that each user is in a chrooted environment, each user is confined into its own directory.
> Best Regards,
> Alain Reguera Delgado al@ciget.cienfuegos.cu
Well as far as I have made it, it is possible to share a directory by using a "per user" config option. It is getting the different permissions I am having to deal with. Part of me thinks this would be easier using a real system account so I can restrict permissions using tools like chmod, etc. But I hate the idea of using system accounts for FTP.
d
On 11-Feb-09, at 8:50 AM, dnk wrote:
> Well as far as I have made it, it is possible to share a directory by using a "per user" config option. It is getting the different permissions I am having to deal with. Part of me thinks this would be easier using a real system account so I can restrict permissions using tools like chmod, etc. But I hate the idea of using system accounts for FTP.
> d
Just to add to it, I got it all figured out. I just set up vsftpd to a regular non anon access type system. I then just had a per user config for the read only users that specified the home directory of the read/write user, and an enable_write=NO directive.
d
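Added example (not part of the original thread): the per-user override dnk describes, written with vsftpd's user_config_dir, local_root and write_enable options, plus a check that flags any override sharing another user's directory without write_enable=NO. The directory /etc/vsftpd/user_conf and the helper function names are assumptions made for this example.

```bash
#!/bin/bash
# Assumed vsftpd.conf line (path is an assumption, not from the thread):
#   user_config_dir=/etc/vsftpd/user_conf
# vsftpd then applies <user_config_dir>/<login name> for that user's session.

# Write an override that sends <user> to <shared_root> with writes disabled.
write_readonly_override() {
    local conf_dir=$1 user=$2 shared_root=$3
    mkdir -p "$conf_dir"
    printf 'local_root=%s\nwrite_enable=NO\n' "$shared_root" > "$conf_dir/$user"
    chmod 600 "$conf_dir/$user"
}

# Effective value of <key> in <file>: the last assignment wins.
get_opt() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Print every user whose override moves them out of <ftproot>/<user>
# (into someone else's directory) without also setting write_enable=NO.
# Assumes the global vsftpd.conf has write_enable=YES, as in the thread.
audit_overrides() {
    local conf_dir=$1 ftproot=$2 f user root
    for f in "$conf_dir"/*; do
        [ -f "$f" ] || continue
        user=$(basename "$f")
        root=$(get_opt "$f" local_root)
        [ -n "$root" ] && [ "$root" != "$ftproot/$user" ] || continue
        [ "$(get_opt "$f" write_enable)" = "NO" ] || echo "$user"
    done
}

# Constructed demo in a scratch directory (nothing under /etc is touched).
demo=$(mktemp -d)
write_readonly_override "$demo/user_conf" user2 /home/ftproot/user1
# Constructed mistake: user5 shares user1's directory but inherits global writes.
printf 'local_root=/home/ftproot/user1\n' > "$demo/user_conf/user5"
audit_overrides "$demo/user_conf" /home/ftproot    # prints: user5
rm -rf "$demo"
```

write_enable=NO makes vsftpd refuse FTP commands that change the filesystem, so the restriction holds even when every virtual user maps to the same system account and file permissions cannot tell them apart.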
dnk wrote:
> Good day all,
> I have followed the wiki article on setting up vsftpd on centos with virtual users.
> I was wondering if anyone had an example of knowledge on how to add another "readonly" user. I don't want to enable anon access. The issue I have is that the tutorial (from the wiki) uses the same real system user (ftp) - so permissions don't apply.
The 'FTP' user shouldn't have write access to anything, anyways.